To address this vulnerability, authentication has been implemented for the datastores in Docker as default, using the username/password for beeinstana, clickhouse, elasticsearch, kafka, and postgres.
Additionally, using a specific Docker network instead of a host network enhances the security of all datastores
We have released the following security bulletin for this issue https://www.ibm.com/support/pages/node/6959969 IBM strongly recommends addressing the vulnerability now by upgrading to 247
Use your appropriate package manager command to update to a desired package version of Instana console.
See the following example for Ubuntu: To get the latest version, run the command as follows: sudo apt-get install instana-console
Posted Apr 27, 2023 - 11:12 UTC
Identified
Docker-based datastores for IBM Instana do not currently require authentication Due to this, an attacker within the network or on the system could access the data stores with read/write access (CVE-2023-27290).